version 1.117, 2019/09/03 08:29:15 |
version 1.118, 2019/10/31 21:19:14 |
|
|
|
|
|
|
static int |
static int |
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign) |
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign, |
|
const char *provider) |
{ |
{ |
int r; |
int r; |
|
|
|
|
(r = sshbuf_put_u32(m, maxsign)) != 0) |
(r = sshbuf_put_u32(m, maxsign)) != 0) |
goto out; |
goto out; |
} |
} |
|
if (provider != NULL) { |
|
if ((r = sshbuf_put_u8(m, |
|
SSH_AGENT_CONSTRAIN_EXTENSION)) != 0 || |
|
(r = sshbuf_put_cstring(m, |
|
"sk-provider@openssh.com")) != 0 || |
|
(r = sshbuf_put_cstring(m, provider)) != 0) |
|
goto out; |
|
} |
r = 0; |
r = 0; |
out: |
out: |
return r; |
return r; |
|
|
*/ |
*/ |
int |
int |
ssh_add_identity_constrained(int sock, struct sshkey *key, |
ssh_add_identity_constrained(int sock, struct sshkey *key, |
const char *comment, u_int life, u_int confirm, u_int maxsign) |
const char *comment, u_int life, u_int confirm, u_int maxsign, |
|
const char *provider) |
{ |
{ |
struct sshbuf *msg; |
struct sshbuf *msg; |
int r, constrained = (life || confirm || maxsign); |
int r, constrained = (life || confirm || maxsign || provider); |
u_char type; |
u_char type; |
|
|
if ((msg = sshbuf_new()) == NULL) |
if ((msg = sshbuf_new()) == NULL) |
|
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_ECDSA: |
case KEY_ECDSA: |
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
|
case KEY_ECDSA_SK: |
|
case KEY_ECDSA_SK_CERT: |
#endif |
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
|
|
goto out; |
goto out; |
} |
} |
if (constrained && |
if (constrained && |
(r = encode_constraints(msg, life, confirm, maxsign)) != 0) |
(r = encode_constraints(msg, life, confirm, maxsign, |
|
provider)) != 0) |
goto out; |
goto out; |
if ((r = ssh_request_reply(sock, msg, msg)) != 0) |
if ((r = ssh_request_reply(sock, msg, msg)) != 0) |
goto out; |
goto out; |
|
|
(r = sshbuf_put_cstring(msg, pin)) != 0) |
(r = sshbuf_put_cstring(msg, pin)) != 0) |
goto out; |
goto out; |
if (constrained && |
if (constrained && |
(r = encode_constraints(msg, life, confirm, 0)) != 0) |
(r = encode_constraints(msg, life, confirm, 0, NULL)) != 0) |
goto out; |
goto out; |
if ((r = ssh_request_reply(sock, msg, msg)) != 0) |
if ((r = ssh_request_reply(sock, msg, msg)) != 0) |
goto out; |
goto out; |
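Review bot: In ssh_add_identity_constrained the new `constrained = (life || confirm || maxsign || provider)` is true for every key type, so a non-NULL provider makes encode_constraints append the `sk-provider@openssh.com` extension even when the key is not KEY_ECDSA_SK or KEY_ECDSA_SK_CERT. Unless every caller already clears it (not visible here), I would reset it ahead of the `constrained` computation, e.g. `if (key->type != KEY_ECDSA_SK && key->type != KEY_ECDSA_SK_CERT) provider = NULL;`, so the agent never receives a provider constraint for a key that cannot use one. The provider string is written with `sshbuf_put_cstring(m, provider)` and reaches the agent as-is, with no validation on this side. The comment that closes just above the function should therefore document the new parameter: NULL means no extension is sent, and any check on the value has to happen in the agent. Both function bodies continue outside the hunks shown.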